[Dnssec-trigger] uk.uk. failing probes

W.C.A. Wijngaards wouter at nlnetlabs.nl
Tue Jan 23 11:28:48 UTC 2018


Hi Petr,

On 23/01/18 12:17, Petr Menšík wrote:
> Hello,
> 
> I just tried new 0.15 dnssec-trigger. Once again there is problem with
> domain chosen to make probes.
> 
> $ dig @dns2.nic.uk. +norec +dnssec -t SOA uk.uk.
> 
> returns NXDOMAIN.

Yes, that is why it is there.  To get an NSEC3 response.

> 
> For that reason, gen_random_nsec3_dest probe "_probe.uk.uk." will always
> fail if chosen. Manual dnssec-trigger-control reprobe might be required.

No, it works to get an NSEC3 response.

> 
> My question is same as the last time. How were that domains chosen?

At random.

> 
> I found it cannot be even registered again:
> https://www.nominet.uk/whois/?query=uk.uk#whois-results

That is a good reason to have picked it; i.e. no registerable domain to
elicit NXDOMAIN responses.

> 
> Have been domain owners asked it is ok to use their domains?

No, but if they wouldn't like it, we would of course pick some other
NXDOMAIN response.

Best regards, Wouter


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.nlnetlabs.nl/pipermail/dnssec-trigger/attachments/20180123/8ce90468/attachment.bin>


More information about the dnssec-trigger mailing list